Skip to content

fixed #4529, parse and detect old bitnami img pkgs #4532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kzantow merged 2 commits into from
Jan 7, 2026
Merged

fixed #4529, parse and detect old bitnami img pkgs #4532

kzantow merged 2 commits into from
Jan 7, 2026

Conversation

@rezmoss
Copy link
Contributor

@rezmoss rezmoss commented Jan 6, 2026

Description

fixed #4529, parse and detect old bitnami img pkgs

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (please discuss with the team first; Syft is 1.0 software and we won't accept breaking changes without going to 2.0)
  • Documentation (updates the documentation)
  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)
  • Performance (make Syft run faster or use less memory, without changing visible behavior much)

Checklist

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

Issue references

rezmoss added 2 commits January 6, 2026 15:15
@rezmoss
fixed anchore#4529, parse and detect old bitnami img pkgs
eeeac03 
Signed-off-by: Rez Moss <hi@rezmoss.com>
@rezmoss
fixed anchore#4529, parse and detect old bitnami img pkgs, update cap…
d4c7f5d 
…abilitirs.yml

Signed-off-by: Rez Moss <hi@rezmoss.com>
kzantow
kzantow approved these changes Jan 7, 2026
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

syft/pkg/cataloger/bitnami/cataloger.go
"/opt/bitnami/**/.spdx-*.spdx",
).
WithParserByGlobs(parseComponentsJSON,
"/opt/bitnami/.bitnami_components.json",
Copy link
Contributor

@kzantow kzantow Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this always at /opt/bitnami/..? I guess we can always start specific and if needed make this a glob search 👍

syft/pkg/cataloger/bitnami/parse_components.go
"",
).String()

metadata := &pkg.BitnamiSBOMEntry{
Copy link
Contributor

@kzantow kzantow Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, we try to have metadata types that are very specific to the source material, and the SBOMEntry part makes this a little misleading, since these component definitions don't seem to be SBOMs, exactly. But if we made a different type it would be almost identical anyway, so this seems good to me (team agreed), just noting it.

@kzantow kzantow merged commit 7f1d57d into anchore:main Jan 7, 2026
10 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jan 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzantow kzantow kzantow approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

old bitnami images without spdx files arent getting picked up correctly in the catalog

2 participants

@rezmoss @kzantow